Vulnerability Name: CVE-2022-2191 (CCN-230671)
Assigned: 2022-07-07
Published: 2022-07-07
Updated: 2022-09-09
Summary: In Eclipse Jetty versions 10.0.0 through 10.0.9 and 11.0.0 through 11.0.9, SslConnection does not release ByteBuffers from the configured ByteBufferPool in error code paths.
CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Vulnerability Type: CWE-404
Vulnerability Consequences: Denial of Service
References:
Source: MITRE Type: CNA CVE-2022-2191
Source: XF Type: UNKNOWN eclipse-cve20222191-dos(230671)
Source: CCN Type: Eclipse GIT Repository SslConnection does not release pooled ByteBuffers in case of errors
Source: CONFIRM Type: Exploit, Vendor Advisory https://github.com/eclipse/jetty.project/security/advisories/GHSA-8mpp-f3f7-xc28
Source: CONFIRM Type: UNKNOWN https://security.netapp.com/advisory/ntap-20220909-0003/
Source: CCN Type: IBM Security Bulletin 6825139 (QRadar User Behavior Analytics) Multiple vulnerabilities in Zookeeper affecting IBM QRadar User Behavior Analytics (CVE-2022-2191, CVE-2022-2047, CVE-2022-2048, CVE-2022-24823, CVE-2020-36518)
Source: CCN Type: IBM Security Bulletin 6825513 (Rational Change) Multiple Vulnerabilities in Rational Change Fix Pack 04 for 5.3.2
Source: CCN Type: IBM Security Bulletin 6825515 (Rational Synergy) Multiple Vulnerabilities in Rational Synergy 7.2.2.4
Source: CCN Type: IBM Security Bulletin 6829321 (InfoSphere Information Server) Multiple vulnerabilities in Eclipse Jetty affect IBM InfoSphere Information Server
Source: CCN Type: IBM Security Bulletin 6840987 (Rational Performance Tester) Rational Performance Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Performance Tester has taken steps to mitigate these vulnerabilities.
Source: CCN Type: IBM Security Bulletin 6840989 (Rational Performance Tester) Rational Service Tester contains vulnerabilities which could affect Eclipse Jetty. Rational Service Tester has taken steps to mitigate these vulnerabilities.
Source: CCN Type: IBM Security Bulletin 6983274 (Cognos Command Center) IBM Cognos Command Center is affected by multiple vulnerabilities
Source: CCN Type: Mend Vulnerability Database CVE-2022-2191
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable